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REMARKS 

Claims 1 -29 are pending in this application. Claim 1 is amended herein. Support for the 
amendment to claim 1 may be found at page 5, lines 4-20, page 1 0, lines 31 -36, page 1 1 , lines 
10-17, and page 16, lines 24-30 of the English translation of German Application No. 
10242917.0, from which the subject application claims priority, and in Fig. 2. Reconsideration is 
requested based on the foregoing amendment and the following remarks. 

Response to Arguments: 

The Applicants appreciate the consideration given to their arguments. Applicants were, 
however, disappointed to find that their arguments were not found to be persuasive. 

The Advisory Action mailed June 2, 2008: 

The Advisory Action asserts in section 1 , at page 2, that: 

Applicant asserts Ott does not teach (a) "an external display to display the current 
security status of the appliance directly on the outside of the appliance" (remarks; 
Page 8 / 3rd Para) and (b) in Ott, the security server is not a client computer, i.e. 
an appliance (Remarks: Page 8 Last Para). 

With respect to point (b), the Applicants actually argued, inter alia , that, in Ott, a mobile 
sensor agent installed on a c//e/if computer detects events and reports event data back to 
security server, rather than displaying the event data "directly on an outside of the appliance," 
i.e., the location at which the recited "current security status of an appliance" was detected. In 
particular, as described at paragraph [0022]: 

Once deployed and installed on a client computer, a mobile sensor agent detects 
events and reports event data back to security server 302. As used herein, a field 
agent is a mobile sensor agent that is distributed from security server 302 to one 
specific protected client computer. 

Thus, in Ott, a mobile sensor agent installed on a client computer detects events and reports 
event data back to security server 302, so Ott has no need for "external display to display the 
current security status of the appliance directly on an outside of the appliance," as recited in 
claim 1 , whatever the names used to refer to the security server or the client computer in Ott. 

The Advisory Action goes on to assert in section 1 , at page 2, that: 

(2) Applicant's argument has no merit since the alleged limitation "a client 
computer" has not been recited into the claim (i.e. using "appliance" instead). 

Whether the client computer in Ott is called an appliance or a client computer makes no 
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difference, since a mobile sensor agent installed on the client computer detects events and 
reports event data back to security server in Ott, instead of having an "external display to display 
the current security status of the appliance directly on an outside of the appliance," which was 
recited formerly In claim 1 . Still, In the Interest of compact prosecution only, and not for any 
reason of patentability, the third clause of claim 1 has been amended to recite: 

An external display disposed directly on an outside of the automation appliance, 
the external display displaying the current security status of the appliance directly 
on an outside of the appliance upon which the external display is disposed. 

The Advisory Action goes on to assert In section 1 , at page 2, that: 

Examiner respectfully disagrees because (1) Ott teaches, in one of its 
embodiments, the network security system can display the current network status 
in virtually real-time to an operator of the system (Ott: Para [0043]). 

But a network security system that can display the current network status In virtually real- 
time to an operator of the system does not amount to an "external display to display the current 
security status of the appliance directly on an outside of the appliance," as recited formerly In 
claim 1 , since the event data In Ott Is collected at the client computer and reported back to the 
operator of the system at the server computer. 

Finally, the Advisory Action asserts In section 2, at page 2, that: 

Examiner notes the event log must thus be captured, stored and identified as an 
event log inside the security server where the security status identified as an 
internal event log of a server is qualified as an Internal display of the server 

In Ott, however, the security server deploys a number of mobile sensor agents 
throughout the network, which detect occurrences of specified events. The sensor agents 
communicate event data back to the respective security se/verfor analysis and processing. In 
particular, as described at paragraph [0020]: 

After the security server (or servers) are physically connected to the network, or 
after the security server software is loaded onto an existing network server, the 
security server deploys a number of mobile sensor agents throughout the 
network. The sensor agents detect occurrences of specified events; an event may 
be a component of a known attack signature or any detectable event associated 
with the operation of the protected client computers or the protected computer 
network. The sensor agents communicate event data back to the respective 
security server for analysis and processing. 

Since, in Ott, the sensor agents communicate event data back to the respective security server 
for analysis and processing, and since the event log must thus be captured, stored and identified 
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as an event log inside the security server Ott, as noted in the Advisory Action, rather than in 
whatever client computer the mobile sensor happens to have been deployed, Ott has no 
"internal display to display the current security status of the appliance within an inside of the 
appliance," as recited formerly in claim 1 . 

Still, in the interest of compact prosecution only, and not for any reason of patentability, 

the fourth clause of claim 1 has been amended to recite: 

An internal display disposed on the inside of the automation appliance, the 
internal display displaying the current security status of the appliance within the 
inside of the appliance. 

Further favorable consideration is requested. 

The final Office Action mailed April 14, 2008: 

The final Office Action asserts in section 3, at page 2, that: 

(c) the monitor display is indeed directly on an outside of the server (Ott: Figure 1 
/ Element 110). 

Since, as acknowledged graciously in the final Office Action, the monitor display is on the 
outside of the server, Ott does not "display the current security status of the appliance directly on 
an outside of the appliance," as recited formerly in claim 1 . Event occurrences in Ott, rather, are 
detected by mobile sensor agents at the /7osf level and reported back to the security server. 
Since the monitor display is on the security server, not the host, Ott does not "display the current 
security status of the appliance directly on an outside of the appliance," as recited formerly in 
claim 1 . In particular, as described the Abstract: 

A computer network security system utilizes mobile sensor agents that detect 
host-level activities and report event occurrences to a security server connected 
to the protected network. The security server processes the event data, assesses 
the current situation/risk status of the network, and manages the distribution of 
mobile sensor agents in the network in response to the current status of the 
network. 

Since, in Ott, mobile sensor agents detect host-level activities and report event occurrences to a 
security server connected to the protected network, Ott has no "external display to display the 
current security status of the appliance directly on an outside of the appliance," as recited 
formerly in claim 1. 

The final Office Action asserts in section 4, at page 4, that: 

(a) Ott teaches an event may be a component of a known attack signature or any 
detectable event associated with the protected network and the sensor agents 
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communicate event data back to the respective security server for analysis and 
processing (Ott: Para [0020] Line 5-11 and Table 1 : Last 4 - 6 Lines). 

Since, as acknowledged graciously In the final Office Action, the sensor agents communicate 
event data back to the respective security server ior analysis and processing, Ott Is not 
displaying "the current security status of the appliance within an inside of the appliance," as 
recited formerly In claim 1 . In Ott, rather, mobile sensor agents detect host-level activities and 
report event occurrences to a security server connected to the protected network, as discussed 
above, so Ott Is not displaying "the current security status of the appliance within an Inside of the 
appliance," as recited formerly In claim 1 . 

Further favorable consideration is requested. 

Claim Rejections - 35 U.S.C. § 102: 

Claims 1 -4, 6-9, 11-16,18-21, 23-27, and 29 were rejected under 35 U.S.C. § 1 02(e) as 
anticipated by U.S. Patent Application Publication No. 2004/0049698 to Ott et al. (hereinafter 
"Ott"). The rejection is traversed to the extent it might apply to the claims as amended. 
Reconsideration is earnestly solicited. 

The third clause of claim 1 recites: 

An external display disposed directly on an outside of the automation appliance, 
the external display displaying the current security status of the appliance directly 
on an outside of the appliance upon which the external display Is disposed. 

Ott neither teaches, discloses, nor suggests "an external display disposed directly on an outside 
of the automation appliance, the external display displaying the current security status of the 
appliance directly on an outside of the appliance upon which the external display Is disposed," 
as recited In claim 1 . In Ott, rather, the network security system displays the current 
situation/risk status of the protected network to an operator of the system, who Is at a server, not 
"directly on an outside of the appliance," as recited In claim 1 . In particular, as described at 
paragraph [0043]: 

The network security system can display or otherwise convey the current 
situation/risk status of the protected network in virtually real-time to an operator of 
the system (task 618). 

Since, in Ott, the network security system displays the current situation/risk status of the 
protected network to an operator of the system, who is at a server, Ott has no "external display 
disposed directly on an outside of the automation appliance, the external display displaying the 
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current security status of the appliance directly on an outside of the appliance upon which the 
external display is disposed," as recited in claim 1 . 

Moreover, in Ott, the security server, not a client computer, i.e. an "appliance," includes a 
display monitor. In particular, as described further at paragraph [0043]: 

In the preferred embodiment, the security server includes a display monitor and 
the security server is capable of rendering a graphical representation of the 
network status for display on the monitor. 

Since, in Ott, the security server includes a display monitor, Ott has no "external display to 
display the current security status of the appliance directly on an outside of the appliance," as 
recited in claim 1 . 

Moreover, in Ott, the situation/risk status of the network enables an operator to quickly 
determine whether any given client computer is vulnerable or under attack. In particular, as 
described further at paragraph [0043]: 

For example, the situation/risk status of the network can be displayed in any 
convenient manner that enables an operator to quickly determine whether any 
given client computer is vulnerable or under attack. 

Since, in Ott, the situation/risk status of the network enables an operator to quickly determine 
whether any given client computer is vulnerable or under attack, Ott has no "external display 
disposed directly on an outside of the automation appliance, the external display displaying the 
current security status of the appliance directly on an outside of the appliance upon which the 
external display is disposed," as recited in claim 1 . 

In fact, in Ott, a mobile sensor agent installed on a client computer detects events and 
reports event data backXo security server 302, rather than "directly on an outside of the 
automation appliance," as recited in claim 1 . In particular, as described at paragraph [0022]: 

Once deployed and installed on a client computer, a mobile sensor agent detects 
events and reports event data back to security server 302. As used herein, a field 
agent is a mobile sensor agent that is distributed from security server 302 to one 
specific protected client computer. 

Since, in Ott, a mobile sensor agent installed on a client computer detects events and reports 
event data back to security server 302, Ott has no "external display disposed directly on an 
outside of the automation appliance, the external display displaying the current security status of 
the appliance directly on an outside of the appliance upon which the external display is 
disposed," as recited in claim 1 . 
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Finally, in Ott, a security server receives data from the protected client computers or other 
network components, rather than "directly on an outside of the automation appliance," as recited 
in claim 1 . In particular, as described at paragraph [001 9]: 

Although not a requirement of the network security system, a security server Is 
preferably realized as a stand-alone PC having a display monitor, a mouse, a 
keyboard (or other user interface), at least one data communication port 
configured to receive data from the protected client computers or other network 
components (e.g., event data from mobile sensor agents), and other common 
hardware and software features. 

Since, In Ott, a security server receives data from the protected client computers or other 
network components, Ott has no "external display disposed directly on an outside of the 
automation appliance, the external display displaying the current security status of the appliance 
directly on an outside of the appliance upon which the external display Is disposed," as recited In 
claim 1 . 

The fourth clause of claim 1 recites: 

An internal display to display the current security status of the appliance within an 
inside of the appliance. 

Ott neither teaches, discloses, nor suggests "an Internal display to display the current security 
status of the appliance within an Inside of the appliance," as recited In claim 1 . There Is no 
Internal event data log In Ott, contrary to the assertion In the final Office Action In section 5, at 
page 4. Table 1 Is a list of detectable events, not an event log, contrary to assertion In the final 
Office Action. 

Even if there were an internal event data log in Ott, moreover, it would reside on the 
server, not on the client, since the sensor agents communicate event data back to the respective 
security seri/erfor analysis and processing, as discussed above, not "within an inside of the 
appliance," as recited in claim 1 . In particular, as described at paragraph [0020]: 

After the security server (or servers) are physically connected to the network, or 
after the security server software is loaded onto an existing network server, the 
security server deploys a number of mobile sensor agents throughout the 
network. The sensor agents detect occurrences of specified events; an event may 
be a component of a known attack signature or any detectable event associated 
with the operation of the protected client computers or the protected computer 
network. The sensor agents communicate event data back to the respective 
security server for analysis and processing. 

Since, in Ott, the sensor agents communicate event data back to the respective security server 
for analysis and processing, Ott has no "Internal display to display the current security status of 



Page 12 of 15 



Application Serial No. 10/662,811 

Request for Continued Examination filed July 1 , 2008 

Reply to final Office Action mailed April 14, 2008 

the appliance within an inside of the appliance," as recited in claim 1 . 

In Ott, moreover, the security se/ver processes the event data to determine the security 
status of the network, as discussed above, not "within an inside of the appliance," as recited in 
claim 1 . In particular, as described further at paragraph [0020]: 

The security server processes the event data to determine the security status of 
the network and to determine whether it would be beneficial to obtain additional 
event data in order to better assess the security status of the network. 

Since, in Ott, the security server processes the event data to determine the security status of the 
network, Ott has no "internal display to display the current security status of the appliance within 
an inside of the appliance," as recited in claim 1. Claim 1 is submitted to be allowable. 
Withdrawal of the rejection of claim 1 is earnestly solicited. 

Claims 2, 3, 4, 6-9, 11, and 12 depend from claim 1 and add further distinguishing 
elements. Claims 2, 3, 4, 6-9, 11, and 12 are thus also submitted to be allowable. Withdrawal of 
the rejection of claims 2, 3, 4, 6-9, 11 , and 12 is also earnestly solicited. 

Claims 13-16. 18-21. 23. and 24: 

The third clause of claim 13 recites: 

Displaying the current security status of the appliance on an outside of the 
appliance. 

Ott neither teaches, discloses, nor suggests "displaying the current security status of the 
appliance on an outside of the appliance," as discussed above with respect to the rejection of 
claim 1 . 

The fourth clause of claim 13 recites: 

Displaying the current security status of the appliance on an inside of the 
appliance. 

Ott neither teaches, discloses, nor suggests "displaying the current security status of the 

appliance on an inside of the appliance," as discussed above with respect to the rejection of 
claim 1 . Claim 13 is thus submitted to be allowable, for at least those reasons discussed above 
with respect to the rejection of claim 1. Withdrawal of the rejection of claim 13 is earnestly 
solicited. 

Claims 14, 15, 16, 18-21, 23, and 24 depend from claim 13 and add further 
distinguishing elements. Claims 14, 15, 16, 18-21 , 23, and 24 are thus also submitted to be 
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allowable. Withdrawal of the rejection of claims 14, 15, 16, 18-21, 23, and 24 is also earnestly 
solicited. 

Claims 25. 26. 27. and 29: 

The third clause of claim 25 recites: 

An external display to display the current security status of the appliance directly 
on an outside of the appliance. 

Ott neither teaches, discloses, nor suggests "an external display to display the current security 
status of the appliance directly on an outside of the appliance," as discussed above with respect 
to the rejection of claim 1 . 

The fourth clause of claim 25 recites: 

An internal display to display the current security status within an inside of the 
appliance. 

Ott neither teaches, discloses, nor suggests "an internal display to display the current security 
status within an inside of the appliance," as discussed above with respect to the rejection of 
claim 1 . Claim 25 is thus submitted to be allowable, for at least those reasons discussed above 
with respect to the rejection of claim 1 . Withdrawal of the rejection of claim 25 is earnestly 
solicited. 

Claims 26, 27 and 29 depend from claim 25 and add further distinguishing elements. 
Claims 26, 27 and 29 are thus also submitted to be allowable. Withdrawal of the rejection of 
claims 26, 27 and 29 is also earnestly solicited. 

Claim Rejections - 35 U.S.C. § 103: 

Claims 5, 17, and 28 were rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Ott in view of U.S. Patent No. 6,910,135 to Grainger (hereinafter "Grainger"). The rejection is 
traversed. Reconsideration is earnestly solicited. 

Claims 5, 1 7, and 28 depend from claims 1,13, and 25, respectively and add additional 
distinguishing elements. Ott neither teaches, discloses, nor suggests "an external display to 
display the current security status of the appliance directly on an outside of the appliance" or "an 
internal display to display the current security status of the appliance within an inside of the 
appliance," as discussed above with respect to the rejection of claim 1 . Grainger does not either, 
and thus cannot make up for the deficiencies of Ott with respect to claims 5, 1 7, or 28. Claims 5, 
17, and 28 are thus also submitted to be allowable. Withdrawal of the rejection of claims 5, 17, 
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and 28 is earnestly solicited. 

Claims 10 and 22: 

Claims 10 and 22 were rejected under 35 U.S.C. § 103(a) as being unpatentable over Ott 
in view of U.S. Patent Application Publication No. 2004/0049693 to Douglas (hereinafter 
"Douglas"). The rejection is traversed. Reconsideration is earnestly solicited. 

Claims 10 and 22 depend from claims 1 and 13, respectively and add additional 
distinguishing elements. Ott neither teaches, discloses, nor suggests "an external display to 
display the current security status of the appliance directly on an outside of the appliance" or "an 
internal display to display the current security status of the appliance within an inside of the 
appliance," as discussed above with respect to the rejection of claim 1 . Douglas does not either, 
and thus cannot make up for the deficiencies of Ott with respect to claims 10 and 22. Claims 10 
and 22 are thus also submitted to be allowable. Withdrawal of the rejection of claims 1 0 and 22 
is earnestly solicited. 

Conclusion: 

Accordingly, in view of the reasons given above, it is submitted that all of claims 1-29 are 
allowable over the cited references. Allowance of all claims 1-29 and of this entire application is 
therefore respectfully requested. 

Finally, if there are any formal matters remaining after this response, the Examiner is 
requested to telephone the undersigned to attend to these matters. 

If there are any additional fees associated with filing of this Amendment, please charge 
the same to our Deposit Account No. 19-3935. 

Respectfully submitted, 

STAAS & HALSEY LLP 

Date: July 1. 2008 By: /Thomas E. McKiernan/ 

Thomas E. McKiernan 
Registration No. 37,889 

1201 New York Avenue, N.W., 7th Floor 
Washington, D.C. 20005 
Telephone: (202)434-1500 
Facsimile: (202)434-1501 
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